Method, apparatus, and system of detecting data security

ABSTRACT

Methods, apparatus and system of detecting data security are provided herein. Data for detection are acquired. Whether the data for detection are to be updated for a first time is determined. When the data for detection are to be updated for the first time, the data for detection can be updated, encrypted, and stored as first encrypted data. When the data for detection are not to be updated for the first time, the data for detection can be acquired and encrypted to provide second encrypted data. The second encrypted data are compared with the stored first encrypted data to determine whether the second encrypted data having been unauthorizedly modified. The present disclosure is simple to be implemented without relying on specific logical of a certain application. Development costs, maintenance costs and occupancy of server resources can be reduced. System performance and user experience can be improved.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation application of PCT Patent ApplicationNo. PCT/CN2014/078469, filed on May 27, 2014, which claims priority toChinese Patent Application No. 201310323073.X, filed on Jul. 29, 2013,the entire contents of which are incorporated herein by reference.

FIELD OF THE DISCLOSURE

The present disclosure relates to the field of communication technologyand, more particularly, relates to methods, apparatus, and systems ofdetecting data security.

BACKGROUND

With the development of communication technology, data security isgetting more and more attention from people. In an example of onlinegames, for certain purposes, some players may cheat, usually byplug-ins. This type of plug-in technology needs to use memorymodification tools to modify the key data of the games on a clientterminal. This is not only a undermining of fair play, but also athreatening to data security. Anti-plug-in strategies are thus currentlydeveloped. Generally, a set of anti-plug-in logic closely related togame logic needs to be developed independently for varies games. Suchset of anti-plug-in logic may be installed on a server for the server tooperate and verify the data to prevent players from cheating in thegame.

However, current strategies are developed for each individual game. Thelogic used is complicated and cannot be generalized to different games.In addition, a large amount of server resources are used, when theserver operates and verifies the data for prevent cheating in the game.

BRIEF SUMMARY OF THE DISCLOSURE

According to various embodiments, there is provided a method ofdetecting data security. Data for detection are acquired. The data fordetection include data that need a security detection and that need tobe updated. Whether the data for detection are to be updated for a firsttime is then determined. When the data for detection are to be updatedfor the first time is determined, the data for detection can be updatedto obtain the updated data for detection, which can then be encrypted toprovide first encrypted data. The first encrypted data can be stored.When the data for detection are not to be updated for the first time isdetermined, an original value of the data for detection can be acquiredand encrypted to provide second encrypted data. The stored firstencrypted data can be acquired. When the second encrypted data do notequal to the first encrypted data is determined, the data for detectionhave been unauthorizedly modified can be determined.

According to various embodiments, there is provided an apparatus ofdetecting data security. The apparatus of detecting data securityincludes an acquiring unit, a determining unit, a first processing unit,and a second processing unit.

The acquiring unit is configured to acquire data for detection. The datafor detection include data that need a security detection and that needto be updated. The determining unit is configured to determine whetherthe data for detection are to be updated for a first time. The firstprocessing unit is configured, after determining that the data fordetection are to be updated for the first time, to update the data fordetection, to obtain the updated data for detection, to encrypt theupdated data for detection to provide first encrypted data, and to savethe first encrypted data. The second processing unit is configured,after determining that the data for detection are not to be updated forthe first time, to acquire an original value of the data for detection,to encrypt the original value to provide second encrypted data, toacquire the stored first encrypted data, and to determine that the datafor detection have been unauthorizedly modified, after determining thatthe second encrypted data do not equal to the first encrypted data.

The acquiring unit is further configured to acquire data that need to beupdated, and determine that the data that need to be updated are thedata for detection. The acquiring unit is further configured to acquiredata that need to be updated, and, after determining that the data thatneed to be updated are key data, determine that the data that need to beupdated are the data for detection.

The apparatus of detecting data security further includes a receivingunit and a determining unit. The receiving unit is configured to receiveaddress configuration information of data that need to be monitored sentfrom a server. The determining unit is configured to determine whetherthe security detection is needed for the data, according to the addressconfiguration information of the data. The acquiring unit is configured,after determining that the security detection is needed for the data, toacquire the data as the data for detection.

The second processing unit is further configured to send a notificationmessage to the server after determining that the data for detection havebeen unauthorizedly modified. The notification message indicates thatthe data have been unauthorizedly modified.

Optionally, the second processing unit is further configured to storethe second encrypted data, when that the second encrypted data do notequal to the first encrypted data is determined.

According to various embodiments, there is provided a a non-transitorycomputer-readable medium having computer program. When being executed bya processor, the computer program performs a method of detecting datasecurity. Data for detection are acquired. The data for detectioninclude data that need a security detection and that need to be updated.Whether the data for detection are to be updated for a first time isthen determined. When the data for detection are to be updated for thefirst time is determined, the data for detection can be updated toobtain the updated data for detection, which can then be encrypted toprovide first encrypted data. The first encrypted data can be stored.When the data for detection are not to be updated for the first time isdetermined, an original value of the data for detection can be acquiredand encrypted to provide second encrypted data. The stored firstencrypted data can be acquired. When the second encrypted data do notequal to the first encrypted data is determined, the data for detectionhave been unauthorizedly modified can be determined.

Other aspects or embodiments of the present disclosure can be understoodby those skilled in the art in light of the description, the claims, andthe drawings of the present disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The following drawings are merely examples for illustrative purposesaccording to various disclosed embodiments and are not intended to limitthe scope of the present disclosure.

FIG. 1 depicts an exemplary method of detecting data security consistentwith various disclosed embodiments;

FIG. 2 a depicts an exemplary client consistent with various disclosedembodiments;

FIG. 2 b depicts another exemplary method of detecting data securityconsistent with various disclosed embodiments;

FIG. 3 depicts another exemplary method of detecting data securityconsistent with various disclosed embodiments;

FIG. 4 depicts an exemplary apparatus of detecting data securityconsistent with various disclosed embodiments;

FIG. 5 depicts an exemplary terminal device consistent with variousdisclosed embodiments; and

FIG. 6 depicts an exemplary environment incorporating certain disclosedembodiments.

DETAILED DESCRIPTION

Reference will now be made in detail to exemplary embodiments of thedisclosure, which are illustrated in the accompanying drawings. Whereverpossible, the same reference numbers will be used throughout thedrawings to refer to the same or like parts.

FIGS. 1-5 depict exemplary methods and apparatus of detecting datasecurity in accordance with various disclosed embodiments. The exemplarymethods and apparatus can be implemented, for example, in an exemplaryenvironment 600 as shown in FIG. 6.

As shown in FIG. 6, the environment 600 can include a server 604, aterminal 606, and a communication network 602. The server 604 and theterminal 606 may be coupled through the communication network 602 forinformation exchange, for example, Internet searching, webpage browsing,etc. Although only one terminal 606 and one server 604 are shown in theenvironment 600, any number of terminals 606 or servers 604 may beincluded, and other devices may also be included.

The communication network 602 may include any appropriate type ofcommunication network for providing network connections to the server604 and terminal 606 or among multiple servers 604 or terminals 606. Forexample, the communication network 602 may include the Internet or othertypes of computer networks or telecommunication networks, either wiredor wireless.

A terminal, as used herein, may refer to any appropriate user terminaldevice with certain computing capabilities, for example, a personalcomputer (PC), a work station computer, a notebook computer, a carcomputer (e.g., carrying in a car or other vehicles), a server computer,a hand-held computing device (e.g., a tablet computer), a mobileterminal (e.g., a mobile phone, a smart phone, an iPad, and/or an aPad),a POS (i.e., point of sale) device, or any other user-side computingdevice. In various embodiments, the terms “terminal” and “terminaldevice” can be used interchangeably.

A server, as used herein, may refer one or more server computersconfigured to provide certain server functionalities, for example,search engines and database management. A server may also include one ormore processors to execute computer programs in parallel. The server 604and the terminal 606 may be implemented on any appropriate computingplatform, e.g., as shown in FIG. 5.

In operation, the terminal 606 may cause the server 604 to performcertain actions, for example, an Internet search or other databaseoperations. The server 604 may be configured to provide structures andfunctions for such actions and operations. More particularly, the server604 may include a data searching system for real-time databasesearching. In various embodiments, a terminal, for example, a mobileterminal involved in the disclosed methods and systems can include theterminal 606.

Methods, apparatus, and systems of detecting data security are provided.Exemplary apparatus of detecting data security can be integrated in aclient. The client can be installed in a terminal device. The terminaldevice can include, but is not limited to, smart phones, tabletcomputers, e-book readers, moving picture experts group audio layer III(MP3) players, moving picture experts group audio layer IV (MP4)players, laptops, and/or desktop computers. The terminal device can beany device as depicted in FIG. 6.

In an exemplary method of detecting data security, data for detectionare acquired. The data for detection include data that need a securitydetection and that need to be updated. Whether the data for detectionare to be updated for a first time is then determined. When the data fordetection are to be updated for the first time is determined, the datafor detection can be updated to obtain the updated data for detection,which can then be encrypted to provide first encrypted data. The firstencrypted data can be stored. When the data for detection are not to beupdated for the first time is determined, an original value of the datafor detection can be acquired and encrypted to provide second encrypteddata. The stored first encrypted data can be acquired. When the secondencrypted data do not equal to the first encrypted data is determined,the data for detection have been unauthorizedly modified can bedetermined.

FIG. 1 depicts an exemplary method of detecting data security consistentwith various disclosed embodiments. In Step 101, data for detection areacquired. The data for detection include data that need a securitydetection and that need to be updated.

For example, all data that need to be updated can be taken as the datafor detection. Alternatively, in order to reduce the burden of detectionand improve system performance, only key data are detected and updated,while regular data other than the key data can be updated usingconventional methods.

For example, Step 101 of acquiring data for detection can include thefollowing. Data that need to be updated is acquired and determined asthe data for detection. Or, data that need to be updated is acquired andalso determined as the key data, such data can be determined as the datafor detection.

Further, what data need for detection that can be configured, accordingto specific practical applications. The configuration can be configureddirectly in the client or be issued by a server. For example, beforeacquiring data for detection, the method of detecting data securityfurther includes: receiving address configuration information of datathat need to be monitored from the server. Whether the securitydetection is needed for the data can be determined according to theaddress configuration information of the data. The acquiring of data fordetection can include acquiring the data for detection after the need ofsecurity detection is determined for the data.

In Step 102, it is determined whether the data for detection acquiredfrom Step 101 are to be updated for a first time. When it is the firsttime to be updated, Step 103 can be executed. When it is not the firsttime to be updated, Step 104 can be executed.

For example, a record of update history can be searched for the data fordetection. When a historical record of update exists, it is determinedthat the data for detection are not to be updated for the first time.When the historic record of update does not exist, it is determined thatthe data for detection are to be updated for the first time.

In another example, whether the data for detection has correspondingupdated data can be searched. When the corresponding updated data exist,it is determined that the data for detection are not to be updated forthe first time. When the corresponding updated data do not exist, it isdetermined that the data for detection are to be updated for the firsttime. Of course, other suitable methods of determining whether the datafor detection are to be updated for the first time can be used andincluded without limitation.

In Step 103, when the data for detection are to be updated for the firsttime, the data for detection can be updated to obtain updated data fordetection. The updated data for detection can be encrypted to providefirst encrypted data. The first encrypted data can be stored.

For example, an encryption algorithm can be configured according tospecific practical applications. The storing method and storing addressof the first encrypted data can be configured according to actual needs.For example, the first encrypted data can be stored in a certain addressof a memory

In Step 104, when it is determined that the data for detection are notto be updated for the first time, an original value of the data fordetection can be acquired and encrypted to provide second encrypteddata. The stored first encrypted data can be acquired (e.g., the firstencrypted data stored when previously updated, e.g., for the firsttime). It is determined whether the second encrypted data equal to thefirst encrypted data. When the second encrypted data equal to the firstencrypted data, the data for detection that are not to be updated forthe first time (or have otherwise been updated previously) can bedetermined having had an authorized update. When the second encrypteddata do not equal to the first encrypted data, the data for detectionthat are not to be updated for the first time (or have otherwise beenupdated previously) can be determined having been unauthorizedlymodified.

For example, the encryption algorithm can be configured according tospecific practical applications and can be consistent with theencryption algorithm depicted in Step 103.

Optionally, when the second encrypted data do not equal to the firstencrypted data is determined, the second encrypted data can also bestored. The storing method and storing address of the second encrypteddata can be configured according to specific practical applications. Forexample, the second encrypted data can be stored in a certain address ofa memory.

Further, after that the data have been unauthorizedly modified isdetermined, a message indicating the unauthorizedly modification of thedata can be notified to the server. For example, after determining thatthe data have been unauthorizedly modified, the method of detecting datasecurity may further include: sending a notification message to theserver. The notification message indicates that the data have beenunauthorizedly modified.

In this manner, data for detection are acquired. Whether the data fordetection are to be updated for a first time is determined. When thedata for detection are to be updated for the first time, the data fordetection can be updated to obtain updated data for detection, which canthen be encrypted to provide first encrypted data. The first encrypteddata can be stored. When the data for detection are not to be updatedfor the first time, an original value of the data for detection can beacquired and encrypted to provide second encrypted data. The secondencrypted data are compared with the stored first encrypted data. Whenthe second encrypted data do not equal to the first encrypted data, thenthe data that are not to be updated for the first time can be determinedhaving been unauthorizedly modified.

The disclosed method is simple to be implemented without relying onspecific logical of a certain application (e.g. a game). Indeed, thedisclosed method can be applied and generalized to any applications. Forexample, even if the applied application changes its version, there isno need to re-design detecting logic according to the changed version ofthe application. Development and maintenance costs can be reducedsignificantly. Further, since most operations and verifications asdisclosed do not need to be implemented by the server, occupancy ofserver resources can be reduced, and system performance and userexperience can be improved.

Exemplary methods of detecting data security can also be provided inFIGS. 2-3. In one embodiment, the disclosed methods can be applied togame data and an apparatus for implementing the disclosed methods can beintegrated into a client.

As depicted in FIG. 2 a, a client may include a game logic module, agame data managing module, and a detecting module. The detecting modulemay include a WriteValue interface.

The game logic module is configured to read and write game data throughthe game Data managing module, to run the game data, and to update gamedata normally (or regularly) when the detecting module determines thatthe game data do not need data security detecting. The game datamanaging module is configured to manage the game data, e.g., to providethe game data to the game logic module or the detecting module.

The detecting module can be an anti-plug-in module. The detecting modulemay include the WriteValue interface. The WriteValue interface is usedto register monitoring SetValue event to the game data managing module,to receive the data for detection sent from the game data managingmodule through the WriteValue interface when the game data is determinedthat needs to conduct a security detection, and to conduct the securitydetection and data update for the data for detection. For example,whether the data for detection are to be updated for a first time can bedetermined.

When the data for detection are to be updated for the first time, thedata for detection can be updated to obtain the updated data fordetection. The updated data for detection can then be encrypted toprovide first encrypted data. The first encrypted data can be stored.When the data for detection are not to be updated for the first time, anoriginal value of the data for detection can be acquired and encryptedto provide second encrypted data. The stored first encrypted data can beacquired. When the second encrypted data do not equal to the firstencrypted data, the data for detection can be determined that have beenunauthorizedly modified.

Based on the configuration of the above client, FIG. 2 b depicts anexemplary method of detecting data security. In Step 201, the gamelogical module receives a game data updating request.

In Step 202, the game logic module acquires data that need to be updatedthrough the Data Managing module according to the game data updatingrequest, and determines whether the data that need to be updated is thekey data of the game. When it is determined as the key data of the game,the data that need to be updated is determined to be data for detection.The WriteValue interface of detecting module can be called; and Step 203can be executed. When it is determined the data that need to be updatedis not the key data of the game, the data that need to be updated can beupdated as usual. For example, any suitable data updating methods can beused and encompassed according to various embodiments.

It should be appreciated that this step can be optional. For example, itis not necessary to determine whether the data that need to be updatedare key data, but all data that need to be updated can be used as datafor detection.

In Step 203, the WriteValue interface of the detecting module acquiresdata for detection through the game date managing module, and determineswhether the data for detection are to be updated for a first time. Whenit is the first time to be updated, Step 204 can be executed. When it isnot the first time to be updated, Step 205 can be executed.

For example, a record of update history can be searched for the data fordetection. When a historical record of update exists, it is determinedthat the data for detection are not to be updated for the first time.When the historic record of update does not exist, it is determined thatthe data for detection are to be updated for the first time.

In another example, whether the data for detection has correspondingupdated data can be searched. When the corresponding updated data exist,it is determined that the data for detection are not to be updated forthe first time. When the corresponding updated data do not exist, it isdetermined that the data for detection are to be updated for the firsttime. Of course, other suitable methods of determining whether the datafor detection are to be updated for the first time can be used andincluded without limitation.

In Step 204, when the WriteValue interface of the detecting moduledetermines the data for detection are to be updated for the first time,the data for detection can be updated to obtain the updated data fordetection. The updated data for detection can be encrypted to providefirst encrypted data.

For example, an encryption algorithm can be configured according tospecific practical applications. The storing method and storing addressof the first encrypted data can be configured according to actual needs.For example, the first encrypted data can be stored in a certain addressof a memory.

In Step 205, when the WriteValue interface of the detecting moduledetermines that the data for detection are not to be updated for thefirst time, an original value of the data for detection can be acquiredand encrypted to provide second encrypted data. The stored firstencrypted data can be acquired (e.g., the first encrypted data storedwhen previously updated, e.g., for the first time). It is determinedwhether the second encrypted data equal to the first encrypted data.When the second encrypted data equal to the first encrypted data, thedata for detection that are not to be updated for the first time (orhave otherwise been updated previously) can be determined having had anauthorized update. When the second encrypted data do not equal to thefirst encrypted data, the data for detection that are not to be updatedfor the first time (or have otherwise been updated previously) can bedetermined having been unauthorizedly modified.

For example, the encryption algorithm can be configured according tospecific practical applications and can be consistent with theencryption algorithm depicted in Step 204. Optionally, when the secondencrypted data do not equal to the first encrypted data is determined,the second encrypted data can also be stored. The storing method andstoring address of the second encrypted data can be configured accordingto specific practical applications. For example, the second encrypteddata can be stored in a certain address of a memory.

In Step 206, the WriteValue interface of the detecting module sends anotification message to the server. The notification message indicatesthat the data have been unauthorizedly modified.

In this manner, the detecting module takes over operations for updatinggame data, e.g., that used to be executed by a game logic module. Thedetecting module acquires data for detection. Whether the data fordetection are to be updated for a first time is determined. When thedata for detection are to be updated for the first time, the data fordetection can be updated to obtain updated data for detection, which canthen be encrypted to provide first encrypted data. The first encrypteddata can be stored. When the data for detection are not to be updatedfor the first time, an original value of the data for detection can beacquired and encrypted to provide second encrypted data. The secondencrypted data are compared with the stored first encrypted data. Whenthe second encrypted data do not equal to the first encrypted data, thenthe data that are not to be updated for the first time can be determinedhaving been unauthorizedly modified. The disclosed method is simple tobe implemented without relying on specific logical of a certainapplication (e.g. a game).

Indeed, the disclosed method can be applied and generalized to anyapplications. For example, even if the applied application changes itsversion, there is no need to re-design detecting logic according to thechanged version of the application. Development and maintenance costscan be reduced significantly. Further, since most operations andverifications as disclosed do not need to be implemented by the server,occupancy of server resources can be reduced, and system performance anduser experience can be improved.

Optionally, what data need for detection that can be configured,according to specific practical applications. The configuration can beconfigured directly in the client or be issued by a server. Thefollowing example is based on issuing configuration by the server.

Similar to the embodiment as depicted in FIG. 2B, for illustrationpurposes, the exemplary method in FIG. 3 can be described based on theclient as depicted in FIG. 2 a. FIG. 3 depicts another exemplary methodof detecting data security consistent with various disclosedembodiments.

In Step 301, a server reads game data address, which needs to bemonitored, from a pre-set configuration file.

In Step 302, the server sends the configuration information of the dataaddress that needs to be monitored to a game logic module. Theconfiguration information of the data address that needs to be monitoredincludes the game data address that needs to be monitored as read inStep 301.

In Step 303, the game logic module receives a game data updating request(or a request for updating game data).

In Step 304, the game logic module acquires data that need to be updatedthrough the Data Managing module according to the game data updatingrequest, and determines whether the data that need to be updated needdata security detection according to the configuration information ofthe data address received in Step 302. When the data need to conductdata security detection, then Step 305 can be executed. When the data donot need to conduct data security detection, the data that need to beupdated can be updated as usual. For example, any suitable data updatingmethods can be used and encompassed according to various embodiments.

In Step 305, the game logic module determines whether the data that needto be updated is the key data of the game. When it is determined as thekey data of the game, the data that need to be updated is determined tobe data for detection. The WriteValue interface of detecting module canbe called, and Step 306 can be executed. When it is determined the datathat need to be updated is not the key data of the game, the data thatneed to be updated can be updated as usual. For example, any suitabledata updating methods can be used and encompassed according to variousembodiments.

It should be appreciated that this step can be optional. For example, itis not necessary to determine whether the data that need to be updatedare key data, but all data that need to be updated can be used as datafor detection.

In Step 306, the WriteValue interface of the detecting module acquiresdata for detection through the game date managing module. It isdetermined whether the data for detection are to be updated for a firsttime. When it is the first time to be updated, Step 307 can be executed.When it is not the first time to be updated, Step 308 can be executed.

For example, a record of update history can be searched for the data fordetection. When a historical record of update exists, it is determinedthat the data for detection are not to be updated for the first time.When the historic record of update does not exist, it is determined thatthe data for detection are to be updated for the first time.

In another example, whether the data for detection has correspondingupdated data can be searched. When the corresponding updated data exist,it is determined that the data for detection are not to be updated forthe first time. When the corresponding updated data do not exist, it isdetermined that the data for detection are to be updated for the firsttime. Of course, other suitable methods of determining whether the datafor detection are to be updated for the first time can be used andincluded without limitation.

In Step 307, when the WriteValue interface of the detecting moduledetermines the data for detection are to be updated for the first time,the data for detection can be updated to obtain the updated data fordetection. The updated data for detection can be encrypted to providefirst encrypted data.

For example, an encryption algorithm can be configured according tospecific practical applications. The storing method and storing addressof the first encrypted data can be configured according to actual needs.For example, the first encrypted data can be stored in a certain addressof a memory.

In Step 308, when the WriteValue interface of the detecting moduledetermines the data for detection are not to be updated for the firsttime, an original value of the data for detection can be acquired andencrypted to provide second encrypted data. The stored first encrypteddata can be acquired (e.g., the first encrypted data stored whenpreviously updated, e.g., for the first time). It is determined whetherthe second encrypted data equal to the first encrypted data. When thesecond encrypted data equal to the first encrypted data, the data fordetection that are not to be updated for the first time (or haveotherwise been updated previously) can be determined having had anauthorized update. When the second encrypted data do not equal to thefirst encrypted data, the data for detection that are not to be updatedfor the first time (or have otherwise been updated previously) can bedetermined having been unauthorizedly modified, e.g. via the plug-intechnique.

For example, the encryption algorithm can be configured according tospecific practical applications and can be consistent with theencryption algorithm depicted in Step 307.

Optionally, when the second encrypted data do not equal to the firstencrypted data is determined, the second encrypted data can also bestored. The storing method and storing address of the second encrypteddata can be configured according to specific practical applications. Forexample, the second encrypted data can be stored in a certain address ofa memory.

In Step 309, the WriteValue interface of the detecting module sends anotification message to the server. The notification message indicatesthat the data have been unauthorizedly modified.

In this manner, the server is configured to issue the configurationfile, and the detecting module takes over operations for updating gamedata, e.g., that used to be executed by a game logic module. Thedetecting module acquires data for detection. Whether the data fordetection are to be updated for a first time is determined. When thedata for detection are to be updated for the first time, the data fordetection can be updated to obtain updated data for detection, which canthen be encrypted to provide first encrypted data. The first encrypteddata can be stored. When the data for detection are not to be updatedfor the first time, an original value of the data for detection can beacquired and encrypted to provide second encrypted data. The secondencrypted data are compared with the stored first encrypted data. Whenthe second encrypted data do not equal to the first encrypted data, thenthe data that are not to be updated for the first time can be determinedhaving been unauthorizedly modified.

The disclosed method is simple to be implemented without relying onspecific logical of a certain application (e.g. a game). Indeed, thedisclosed method can be applied and generalized to any applications. Forexample, even if the applied application changes its version, there isno need to re-design detecting logic according to the changed version ofthe application. Development and maintenance costs can be reducedsignificantly. Further, since most operations and verifications asdisclosed do not need to be implemented by the server, occupancy ofserver resources can be reduced, and system performance and userexperience can be improved.

Various embodiments further provide an exemplary apparatus of detectingdata security. As depicted in FIG. 4, an exemplary apparatus ofdetecting data security includes an acquiring unit 401, a determiningunit 402, a first processing unit 403, and a second processing unit 404.

The acquiring unit 401 is configured to acquire data for detection. Thedata for detection include data that need a security detection and thatneed to be updated.

For example, all data that need to be updated can be taken as the datafor detection. Alternatively, in order to reduce the burden of detectionand improve system performance, only key data are detected and updated,while regular data other than the key data can be updated usingconventional methods.

The acquiring unit 401 is configured to acquire data that need to beupdated, which is determined as the data for detection. Or the acquiringunit 401 can acquire data that need to be updated, and determine thatthe data that need to be updated is data for detection after the datathat need to be updated is determined to be key data.

The determining unit 402 is configured to determine whether the data fordetection acquired by the acquiring unit 401 are to be updated for afirst time. For example, the determining unit 402 can search a record ofupdate history for the data for detection. When a historical record ofupdate exists, it is determined that the data for detection are not tobe updated for the first time. When the historic record of update doesnot exist, it is determined that the data for detection are to beupdated for the first time.

In another example, the determining unit 402 can search for whether thedata for detection has corresponding updated data. When thecorresponding updated data exist, it is determined that the data fordetection are not to be updated for the first time. When thecorresponding updated data do not exist, it is determined that the datafor detection are to be updated for the first time. Of course, othersuitable methods of determining whether the data for detection are to beupdated for the first time can be used and included without limitation.

The first processing unit 403 is configured to, when the data fordetection are determined to be updated for the first time by thedetermining unit 402, to update the data for detection, to obtain theupdated data for detection, to encrypt the updated data for detection toprovide first encrypted data, and to store the first encrypted data.

For example, an encryption algorithm can be configured according tospecific practical applications. The storing method and storing addressof the first encrypted data can be configured according to actual needs.For example, the first encrypted data can be stored in a certain addressof a memory.

The second processing unit 404 is configured to, when the data fordetection are determined not be updated for the first time by thedetermining unit 402, to acquire original value of the data fordetection, to encrypt the original value to provide second encrypteddata, to acquire the stored first encrypted data, to determine that thedata for detection have been unauthorizedly modified when the secondencrypted data do not equal to the first encrypted data.

For example, the encryption algorithm can be configured according tospecific practical applications and can be consistent with theencryption algorithm depicted in Step 103.

Optionally, when the second encrypted data do not equal to the firstencrypted data is determined, the second encrypted data can also bestored. For example, the second processing unit 404 can be configured tostore the second encrypted when the second encrypted is determined thatdo not equal to the first encrypted data.

Further, the storing method and storing address of the second encrypteddata can be configured according to specific practical applications. Forexample, the second encrypted data can be stored in a certain address ofa memory.

Further, after that the data have been unauthorizedly modified isdetermined, a message indicating the unauthorizedly modification of thedata can be notified to the server. For example, after determining thatthe data have been unauthorizedly modified, the second processing unit404 can be configured to send a notification message to the server. Thenotification message indicates that the data have been unauthorizedlymodified.

Optionally, what data need for detection that can be configured,according to specific practical applications. The configuration can beconfigured directly in the client or be issued by a server. For example,the apparatus of detecting data security can further include a receivingunit and a Confirming Unit.

The receiving unit is configured to receive the address configurationinformation of data that need to be monitored from the server.

The determining unit is configured to determine whether the securitydetection is needed for that data according to the address configurationinformation of the data received from the receiving unit. The acquiringunit 401 is configured to acquire the data for detection after the needof security detection is determined for the data.

In varied embodiments, the units disclosed herein can be implementedeither alone, or in combination according to the disclosed methods. Theunits disclosed herein be implemented as a same unit or multiple unites.For example, the client shown in FIGS. 2-3 can be used.

The apparatus of detecting data security can be integrated in a client.The client can be installed in a terminal device. The terminal devicecan include, but is not limited to, smart phones, tablet computers,e-book readers, MP3 players, MP4 players, laptops, and desktopcomputers.

In this manner, the acquiring unit 401 of the exemplary apparatus ofdetecting data security acquires data for detection. The determiningunit 402 determines whether the data for detection are to be updated fora first time. When the data for detection are to be updated for thefirst time, the data for detection can be updated to obtain updated datafor detection by the first processing unit 403. The updated data fordetection can then be encrypted to provide first encrypted data. Thefirst encrypted data can be stored. When the data for detection are notto be updated for the first time, an original value of the data fordetection can be acquired and encrypted to provide second encrypted databy the second first processing unit 404. The second encrypted data arecompared with the stored first encrypted data. When the second encrypteddata do not equal to the first encrypted data, then the data that arenot to be updated for the first time can be determined having beenunauthorizedly modified.

The disclosed method is simple to be implemented without relying onspecific logical of a certain application (e.g. a game). Indeed, thedisclosed method can be applied and generalized to any applications. Forexample, even if the applied application changes its version, there isno need to re-design detecting logic according to the changed version ofthe application. Development and maintenance costs can be reducedsignificantly. Further, since most operations and verifications asdisclosed do not need to be implemented by the server, occupancy ofserver resources can be reduced, and system performance and userexperience can be improved.

Accordingly, an exemplary communication system can be provided. Theexemplary communication system can include any apparatus of detectingdata security. Further, the communication system may also include otherapparatus, such as a server.

The server may be configured to receive the notification message sent bythe apparatus of detecting data security (e.g., the second processingunit 404 of the apparatus of detecting data security). The notificationmessage indicates that the data have been unauthorizedly modified.

Optionally, the server can be configured to read game data address thatneed to monitored from the pre-set configuration file, and to send theconfiguration information of the data that need to be monitored to theapparatus of detecting data security (e.g., in particular, the acquiringunit 401 of the apparatus of detecting data security). The configurationinformation of the data that need to be monitored includes the game dataaddress that need to be monitored, read in Step 301.

Specific implementation of each apparatus can be referred to theabove-described embodiments. Since the communication system includes anyapparatus of detecting data security provided by various embodiments,the communication system can achieve the same positive effect as theapparatus of detecting dada security provided by various embodiments.

FIG. 5 is a structural diagram of an exemplary terminal device 500consistent with various disclosed embodiments. The disclosed apparatuscan be included in the exemplary terminal device 500.

The exemplary terminal device 500 can include an RF (Radio Frequency)circuit 501, a memory device 502 including one or more computer-readablestorage media, an input unit 503, a display unit 504, a sensor 505, anaudio circuit 506, a WIFI (Wireless Fidelity) module 507, a processor508 including one or more processing cores, a power supply 509, and/orother components. In various embodiments, the terminal device(s)described herein can include more or less components as depicted in FIG.5. Certain parts can be omitted, combined, replaced, and/or added.

The RF circuit 501 may be used to send and receive information or sendand receive signal during communication. In particular, after receivingdownlink information from a base station, such information can beprocessed by the one or more processors 508. Further, the data relatedto the uplink can be sent to the base station. Generally, the RF circuit501 can include, but be not limited to, an antenna, at least oneamplifier, a tuner, one or more oscillators, user identity module (SIM)card, a transceiver, a coupler, LNA (i.e., Low Noise Amplifier),duplexer, etc. In addition, the RF circuit 501 may communicate withother devices via a wireless communication network. The wirelesscommunication may use any communication standards or protocols,including but not limited to, GSM (Global System for MobileCommunications), GPRS (General Packet Radio Service), CDMA (CodeDivision Multiple Access), WCDMA (Wideband Code Division MultipleAccess), LTE (Long Term Evolution), e-mail, SMS (Short MessagingService), etc.

The memory device 502 can be used for storing software programs andmodules, such as those software programs and modules corresponding tothe terminal device and the third party service provider as described inFIGS. 3-5 for business processing. By running software programs andmodules stored in the memory device 502, the processor 508 can performvarious functional applications and data processing to achieve businessprocessing. The memory device 502 can include a program storage area anda data storage area. The program storage area can store the operatingsystem, applications (such as sound playback, image playback, etc.)required by at least one function. The data storage area can store data(such as audio data, phone book, etc.) created when using the terminaldevice 500. In addition, the memory device 502 may include a high-speedrandom access memory, a non-volatile memory, such as at least one diskmemory, flash memory, and/or other volatile solid-state memory elements.Accordingly, the memory device 502 may further include a memorycontroller to provide the processor 508 and the input unit 503 withaccess to the memory device 502.

The input unit 503 can be used to receive inputted numeric or characterinformation, and to generate signal input of keyboard, mouse, joystick,and trackball or optical signal input related to the user settings andfunction controls. Specifically, the input unit 503 may include a touchsensitive surface and other input device(s). The touch-sensitivesurface, also known as a touch screen or touch panel, may collect touchoperations that a user conducts on or near the touch-sensitive surface.For example, a user may use a finger, a stylus, and any other suitableobject or attachment on the touch-sensitive surface or on an area nearthe touch-sensitive surface. The touch-sensitive surface may drive aconnecting device based on a preset program. Optionally, the touchsensitive surface may include a touch detection device and a touchcontroller. The touch detection device can detect user's touch positionand detect a signal due to a touch operation and send the signal to thetouch controller. The touch controller can receive touch informationfrom the touch detection device, convert the touch information intocontact coordinates to send to the processor 508, and receive commandssent from the processor 508 to execute. Furthermore, the touch sensitivesurface can be realized by resistive, capacitive, infrared surfaceacoustic wave, and/or other types of surface touch. In addition to thetouch sensitive surface, the input unit 503 may also include other inputdevice(s). Specifically, the other input device(s) may include, but benot limited to, a physical keyboard, function keys (such as volumecontrol buttons, switch buttons, etc.), a trackball, a mouse, anoperating lever, or combinations thereof.

The display unit 504 can be used to display information inputted by theuser, information provided to the user, and a variety of graphical userinterfaces of the terminal device 500. These graphical user interfacescan be formed by images, text, icons, videos, and/or any combinationsthereof. The display unit 504 may include a display panel configured by,e.g., LCD (Liquid Crystal Display), OLED (Organic Light-Emitting Diode),etc. Further, the touch sensitive surface may cover the display unit504. When the touch sensitive surface detects a touch operation on ornear the touch sensitive surface, the touch operation can be sent to theprocessor 508 to determine a type of the touch operation. Accordingly,the processor 508 can provide visual output on the display unit 504.Although in FIG. 5 the touch-sensitive surface and the display panel areshown as two separate components to achieve input and output functions,in some embodiments, the touch sensitive surface and the display panelcan be integrated to perform input and output functions.

The terminal device 500 may further include at least one sensor 505,such as optical sensors, motion sensors, and other suitable sensors.Specifically, the optical sensors may include an ambient optical sensorand a proximity sensor. The ambient optical sensor may adjust brightnessof the display panel according to the brightness of ambient light. Theproximity sensor can turn off the display panel and/or turnbacklighting, when the terminal device 500 moves to an ear. As a type ofmotion sensor, a gravity sensor may detect amount of an acceleration ineach direction (e.g., including three axis) and detect magnitude anddirection of gravity when in stationary. The gravity sensor can be usedto identify phone posture (for example, switching between horizontal andvertical screens, related games, magnetometer calibration posture,etc.), vibration recognition related functions (e.g., pedometer,percussion, etc.), etc. The terminal device 500 can also be configuredwith, e.g., a gyroscope, a barometer, a hygrometer, a thermometer, aninfrared sensor, and/or other sensors.

The audio circuit 506, the speaker, and the microphone may provide anaudio interface between the user and terminal device 500. The audiocircuit 506 may transmit an electrical signal converted from thereceived audio data to the speaker to convert into audio signal output.On the other hand, the microphone can convert the collected sound signalto an electrical signal, which can be received by the audio circuit 506to convert into audio data. The audio data can be output to theprocessor 508 for processing and then use the RF circuit 501 to transmitto, e.g., another terminal device. Alternatively, the audio data can beoutput to the memory device 502 for further processing. The audiocircuit 506 may also include an earplug jack to provide communicationsbetween the peripheral headset and the terminal device 500.

WiFi is used as a short-range wireless transmission technology. Theterminal device 500 may use the WIFI module 507 to help users send andreceive emails, browse websites, access streaming media, etc. The WIFImodule 507 can provide users with a wireless or wired broadband Internetaccess. In various embodiments, the transport module 507 can beconfigured within or outside of the terminal device 500 as depicted inFIG. 5.

The processor 508 can be a control center of the terminal device 500:using a variety of interfaces and circuits to connect various parts,e.g., throughout a mobile phone; running or executing software programsand/or modules stored in the memory device 502; calling the stored datain the memory device 502; and/or performing various functions and dataprocessing of the terminal device 500 to monitor the overall mobilephone. Optionally, the processor 508 may include one or more processingcores. In an exemplary embodiment, the processor 508 may integrateapplication processor with modulation and demodulation processor. Theapplication processor is mainly used to process operating system, userinterface, and applications. The modulation and demodulation processoris mainly used to deal with wireless communications. In variousembodiments, the modulation and demodulation processor may or may not beintegrated into the processor 508.

The terminal device 500 may further include a power supply 509 (such asa battery) to power various components of the terminal device. In anexemplary embodiment, the power supply can be connected to the processor508 via the power management system, and thus use the power managementsystem to manage charging, discharging, and/or power managementfunctions. The power supply 509 may also include one or more DC or ACpower supplies, a recharging system, a power failure detection circuit,a power converter or inverter, a power status indicator and/or any othersuitable components.

Although not shown in FIG. 5, the terminal device 500 can furtherinclude a camera, a Bluetooth module, etc. without limitation.Specifically, the processor 508 of the terminal device can follow theinstructions below to load executable files corresponding to one or moreapplication programs into the memory 502. The processor 508 can executeapplication programs stored in the memory 502 to achieve variousfunctions.

Although not shown in FIG. 5, the terminal device 500 can furtherinclude a camera, a Bluetooth module, etc. without limitation.Specifically, the terminal device can have a display unit of a touchscreen display, a memory, and one or more programs stored in the memory.The terminal device can be configured to use one or more processor toexecute the one or more programs stored in the memory.

In an exemplary method, data for detection are acquired. The data fordetection include data that need a security detection and that need tobe updated. Whether the data for detection are to be updated for a firsttime is then determined. When the data for detection are to be updatedfor the first time is determined, the data for detection can be updatedto obtain the updated data for detection, which can then be encrypted toprovide first encrypted data. The first encrypted data can be stored.When the data for detection are not to be updated for the first time isdetermined, an original value of the data for detection can be acquiredand encrypted to provide second encrypted data. The stored firstencrypted data can be acquired. When the second encrypted data do notequal to the first encrypted data is determined, the data for detectionhave been unauthorizedly modified can be determined.

Further, all data that need to be updated can be taken as the data fordetection. Alternatively, in order to reduce the burden of detection andimprove system performance, only key data are detected and updated,while regular data other than the key data can be updated usingconventional methods.

What need for detection that can be configured, according to specificpractical applications. The configuration can be configured directly inthe client or be issued by a server. For example, before acquiring datafor detection, the method of detecting data security further includes:receiving address configuration information of data that need to bemonitored from the server. Whether the security detection is needed forthe data can be determined according to the address configurationinformation of the data. The acquiring of data for detection can includeacquiring the data for detection after the need of security detection isdetermined for the data.

Optionally, when the second encrypted data do not equal to the firstencrypted data is determined, the second encrypted data may also bestored. Further, after that the data have been unauthorizedly modifiedis determined, a message indicating the unauthorizedly modification ofthe data can be notified to the server. For example, after determiningthat the data have been unauthorizedly modified, the method may furtherincludes: sending a notification message to the server. The notificationmessage indicates that the data have been unauthorizedly modified.Specific implementation of each step can be referred to aboveembodiments.

In this manner, the terminal device acquires data for detection. Whetherthe data for detection are to be updated for a first time is determined.When the data for detection are to be updated for the first time, thedata for detection can be updated to obtain updated data for detection,which can then be encrypted to provide first encrypted data. The firstencrypted data can be stored. When the data for detection are not to beupdated for the first time, an original value of the data for detectioncan be acquired and encrypted to provide second encrypted data. Thesecond encrypted data are compared with the stored first encrypted data.When the second encrypted data do not equal to the first encrypted data,then the data that are not to be updated for the first time can bedetermined having been unauthorizedly modified.

The disclosed method is simple to be implemented without relying onspecific logical of a certain application (e.g. a game). Indeed, thedisclosed method can be applied and generalized to any applications. Forexample, even if the applied application changes its version, there isno need to re-design detecting logic according to the changed version ofthe application. Development and maintenance costs can be reducedsignificantly. Further, since most operations and verifications asdisclosed do not need to be implemented by the server, occupancy ofserver resources can be reduced, and system performance and userexperience can be improved.

It should be noted that, in the present disclosure each embodiment isprogressively described, i.e., each embodiment is described and focusedon difference between embodiments. Similar and/or the same portionsbetween various embodiments can be referred to with each other. Inaddition, exemplary apparatus (e.g., a server) is described with respectto corresponding methods.

The disclosed methods, and/or apparatus can be implemented in a suitablecomputing environment. The disclosure can be described with reference tosymbol(s) and step(s) performed by one or more computers, unlessotherwise specified. Therefore, steps and/or implementations describedherein can be described for one or more times and executed bycomputer(s). As used herein, the term “executed by computer(s)” includesan execution of a computer processing unit on electronic signals of datain a structured type. Such execution can convert data or maintain thedata in a position in a memory system (or storage device) of thecomputer, which can be reconfigured to alter the execution of thecomputer as appreciated by those skilled in the art. The data structuremaintained by the data includes a physical location in the memory, whichhas specific properties defined by the data format. However, theembodiments described herein are not limited. The steps andimplementations described herein may be performed by hardware.

A person of ordinary skill in the art can understand that the modulesincluded herein are described according to their functional logic, butare not limited to the above descriptions as long as the modules canimplement corresponding functions. Further, the specific name of eachfunctional module is used for distinguishing from on another withoutlimiting the protection scope of the present disclosure.

As used herein, the term “module” can be software objects executed on acomputing system. A variety of components described herein includingelements, modules, units, engines, and services can be executed in thecomputing system. The apparatus, devices, and/or methods can beimplemented in a software manner. Of course, the apparatus, devices,and/or methods can be implemented using hardware. All of which arewithin the scope of the present disclosure.

In various embodiments, the disclosed modules can be configured in oneapparatus (e.g., a processing unit) or configured in multiple apparatusas desired. The modules disclosed herein can be integrated in one moduleor in multiple modules. Each of the modules disclosed herein can bedivided into one or more sub-modules, which can be recombined in anymanner.

One of ordinary skill in the art would appreciate that suitable softwareand/or hardware (e.g., a universal hardware platform) may be includedand used in the disclosed methods and systems. For example, thedisclosed embodiments can be implemented by hardware only, whichalternatively can be implemented by software products only. The softwareproducts can be stored in a computer-readable storage medium including,e.g., ROM/RAM, magnetic disk, optical disk, etc. The software productscan include suitable commands to enable a terminal device (e.g.,including a mobile phone, a personal computer, a server, or a networkdevice, etc.) to implement the disclosed embodiments.

Note that, the term “comprising”, “including” or any other variantsthereof are intended to cover a non-exclusive inclusion, such that theprocess, method, article, or apparatus containing a number of elementsalso include not only those elements, but also other elements that arenot expressly listed; or further include inherent elements of theprocess, method, article or apparatus. Without further restrictions, thestatement “includes a . . . ” does not exclude other elements includedin the process, method, article, or apparatus having those elements.

The embodiments disclosed herein are exemplary only. Other applications,advantages, alternations, modifications, or equivalents to the disclosedembodiments are obvious to those skilled in the art and are intended tobe encompassed within the scope of the present disclosure.

INDUSTRIAL APPLICABILITY AND ADVANTAGEOUS EFFECTS

Without limiting the scope of any claim and/or the specification,examples of industrial applicability and certain advantageous effects ofthe disclosed embodiments are listed for illustrative purposes. Variousalternations, modifications, or equivalents to the technical solutionsof the disclosed embodiments can be obvious to those skilled in the artand can be included in this disclosure.

In the disclosed methods, apparatus and system of detecting datasecurity, data for detection are acquired. Whether the data fordetection are to be updated for a first time is determined. When thedata for detection are to be updated for the first time, the data fordetection can be updated to obtain updated data for detection, which canthen be encrypted to provide first encrypted data. The first encrypteddata can be stored. When the data for detection are not to be updatedfor the first time, an original value of the data for detection can beacquired and encrypted to provide second encrypted data. The secondencrypted data are compared with the stored first encrypted data. Whenthe second encrypted data do not equal to the first encrypted data, thenthe data that are not to be updated for the first time can be determinedhaving been unauthorizedly modified.

The disclosed methods, apparatus and system are simple to be implementedwithout relying on specific logical of a certain application (e.g. agame). Indeed, the disclosed method can be applied and generalized toany applications. For example, even if the applied application changesits version, there is no need to re-design detecting logic according tothe changed version of the application. Development and maintenancecosts can be reduced significantly. Further, since most operations andverifications as disclosed do not need to be implemented by the server,occupancy of server resources can be reduced, and system performance anduser experience can be improved.

What is claimed is:
 1. A method of detecting data security, comprising:acquiring data for detection, wherein the data for detection includedata that need a security detection and that need to be updated;determining whether the data for detection are to be updated for a firsttime; and when the data for detection are to be updated for the firsttime, updating the data for detection, obtaining the updated data fordetection, encrypting the updated data for detection to provide firstencrypted data, and storing the first encrypted data; or when the datafor detection are not to be updated for the first time, acquiring anoriginal value of the data for detection, encrypting the original valueto provide second encrypted data, acquiring the stored first encrypteddata, and determining that the data for detection have beenunauthorizedly modified, after determining that the second encrypteddata do not equal to the first encrypted data.
 2. The method accordingto claim 1, wherein the acquiring of data for detection includes:acquiring data that need to be updated, and determining that the datathat need to be updated are the data for detection; or acquiring datathat need to be updated, and after determining that the data that needto be updated are key data, determining that the data that need to beupdated are the data for detection.
 3. The method according to claim 1,further including: receiving address configuration information of datathat need to be monitored sent from a server; and determining whetherthe security detection is needed for the data, according to the addressconfiguration information of the data; wherein the acquiring of data fordetection includes: after determining that the security detection isneeded for the data, acquiring the data as the data for detection. 4.The method according to claim 1, wherein, after determining that thedata for detection have been unauthorizedly modified, the method furtherincludes: sending a notification message to the server, wherein thenotification message indicates that the data have been unauthorizedlymodified.
 5. The method according to claim 1, further including: storingthe second encrypted data, when that the second encrypted data do notequal to the first encrypted data is determined.
 6. An apparatus ofdetecting data security, comprising: an acquiring unit configured toacquire data for detection, wherein the data for detection include datathat need a security detection and that need to be updated; adetermining unit configured to determine whether the data for detectionare to be updated for a first time; a first processing unit configured,after determining that the data for detection are to be updated for thefirst time, to update the data for detection, to obtain the updated datafor detection, to encrypt the updated data for detection to providefirst encrypted data, and to save the first encrypted data; and a secondprocessing unit configured, after determining that the data fordetection are not to be updated for the first time, to acquire anoriginal value of the data for detection, to encrypt the original valueto provide second encrypted data, to acquire the stored first encrypteddata, and to determine that the data for detection have beenunauthorizedly modified, after determining that the second encrypteddata do not equal to the first encrypted data.
 7. The apparatusaccording to claim 6, wherein: the acquiring unit is configured toacquire data that need to be updated, and determine that the data thatneed to be updated are the data for detection.
 8. The apparatusaccording to claim 6, wherein: the acquiring unit is configured toacquire data that need to be updated, and, after determining that thedata that need to be updated are key data, determine that the data thatneed to be updated are the data for detection.
 9. The apparatusaccording to claim 6, further including a receiving unit and adetermining unit, wherein the receiving unit is configured to receiveaddress configuration information of data that need to be monitored sentfrom a server; the determining unit is configured to determine whetherthe security detection is needed for the data, according to the addressconfiguration information of the data; and the acquiring unit isconfigured, after determining that the security detection is needed forthe data, to acquire the data as the data for detection.
 10. Theapparatus according to claim 6, wherein: the second processing unit isfurther configured to send a notification message to the server afterdetermining that the data for detection have been unauthorizedlymodified, wherein the notification message indicates that the data havebeen unauthorizedly modified.
 11. The apparatus according to claim 6,wherein: the second processing unit is further configured to store thesecond encrypted data, when that the second encrypted data do not equalto the first encrypted data is determined.
 12. A non-transitorycomputer-readable medium having computer program for, when beingexecuted by a processor, performing a method of detecting data security,the method comprising: acquiring data for detection, wherein the datafor detection include data that need a security detection and that needto be updated; determining whether the data for detection are to beupdated for a first time; and when the data for detection are to beupdated for the first time, updating the data for detection, obtainingthe updated data for detection, encrypting the updated data fordetection to provide first encrypted data, and storing the firstencrypted data; or when the data for detection are not to be updated forthe first time, acquiring an original value of the data for detection,encrypting the original value to provide second encrypted data,acquiring the stored first encrypted data, and determining that the datafor detection have been unauthorizedly modified, after determining thatthe second encrypted data do not equal to the first encrypted data. 13.The non-transitory computer-readable medium according to claim 12,wherein the acquiring of data for detection includes: acquiring datathat need to be updated, and determining that the data that need to beupdated are the data for detection; or acquiring data that need to beupdated, and after determining that the data that need to be updated arekey data, determining that the data that need to be updated are the datafor detection.
 14. The non-transitory computer-readable medium accordingto claim 12, the method further including: receiving addressconfiguration information of data that need to be monitored sent from aserver; and determining whether the security detection is needed for thedata, according to the address configuration information of the data;wherein the acquiring of data for detection includes: after determiningthat the security detection is needed for the data, acquiring the dataas the data for detection.
 15. The non-transitory computer-readablemedium according to claim 12, wherein, after determining that the datafor detection have been unauthorizedly modified, the method furtherincludes: sending a notification message to the server, wherein thenotification message indicates that the data have been unauthorizedlymodified.
 16. The non-transitory computer-readable medium according toclaim 12, the method further including: storing the second encrypteddata, when that the second encrypted data do not equal to the firstencrypted data is determined.